vault

package v1.3.3

Warning: This package is not in the latest version of its module.
Published: May 16, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAuthPath added in v1.1.0

func GetAuthPath(authPath string) string

GetAuthPath returns the auth method path to use. It is of the form v1/auth/<auth path>/login.

TODO - Different credentials for different data flows (read, write, delete)

func GetKubeSecretDetailsFromVaultPath added in v0.7.0

func GetKubeSecretDetailsFromVaultPath(credentialsPath string) (string, string, error)

Given a path to a Vault secret that holds dataset credentials, GetKubeSecretDetailsFromVaultPath returns the name of the secret and its namespace. For example, for the Vault secret path "/v1/kubernetes-secrets/my-secret?namespace=default" the returned values are my-secret and default.

func PathForReadingKubeSecret

func PathForReadingKubeSecret(secretNamespace, secretName string) string

PathForReadingKubeSecret returns the path to the Vault secret that holds dataset credentials stored in a Kubernetes secret. The Vault plugin vault-plugin-secrets-kubernetes-reader (https://github.com/fybrik/vault-plugin-secrets-kubernetes-reader) is used for reading the Kubernetes secret. The path contains the following parts:

- pluginPath is the Vault path where the vault-plugin-secrets-kubernetes-reader plugin is enabled.
- secret name
- secret namespace

For example, for secret name my-secret and namespace default the path is of the form "/v1/kubernetes-secrets/my-secret?namespace=default".
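The following is an added example, not code from this package: it builds a secret path in the documented PathForReadingKubeSecret form and parses it back into secret name and namespace as GetKubeSecretDetailsFromVaultPath does, rejecting paths outside the plugin mount or lacking a namespace. The mount name "kubernetes-secrets" is assumed from the documented example path.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// kubeSecretsMount is the assumed Vault path where the
// vault-plugin-secrets-kubernetes-reader plugin is enabled.
const kubeSecretsMount = "kubernetes-secrets"

// buildKubeSecretPath produces "/v1/<pluginPath>/<name>?namespace=<ns>",
// escaping both values so they cannot alter the path or query structure.
func buildKubeSecretPath(namespace, name string) string {
	q := url.Values{}
	q.Set("namespace", namespace)
	return "/v1/" + kubeSecretsMount + "/" + url.PathEscape(name) + "?" + q.Encode()
}

// parseKubeSecretPath is the inverse: it returns (name, namespace) or an
// error when the path is not under the plugin mount or has no namespace.
func parseKubeSecretPath(vaultPath string) (string, string, error) {
	u, err := url.Parse(vaultPath)
	if err != nil {
		return "", "", err
	}
	prefix := "/v1/" + kubeSecretsMount + "/"
	if !strings.HasPrefix(u.Path, prefix) {
		return "", "", fmt.Errorf("path %q is not under %s", vaultPath, prefix)
	}
	name := strings.TrimPrefix(u.Path, prefix)
	if name == "" || strings.Contains(name, "/") {
		return "", "", errors.New("secret name missing or contains '/'")
	}
	namespace := u.Query().Get("namespace")
	if namespace == "" {
		return "", "", errors.New("namespace query parameter missing")
	}
	return name, namespace, nil
}

func main() {
	p := buildKubeSecretPath("default", "my-secret")
	name, ns, err := parseKubeSecretPath(p)
	fmt.Println(p, name, ns, err)
}
```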

Types

type Connection

type Connection struct {
	Client  *api.Client
	Address string
	Token   string
}

Connection contains the information required for connecting to Vault.

func NewConnection

func NewConnection(addr, token string) (*Connection, error)

NewConnection returns a new Connection object

func (*Connection) AddSecret

func (c *Connection) AddSecret(path string, credentials map[string]interface{}) error

AddSecret adds a secret to vault

func (*Connection) AddSecretFromStruct

func (c *Connection) AddSecretFromStruct(path string, creds interface{}) error

AddSecretFromStruct constructs a vault secret from the given structure

func (*Connection) DeletePolicy

func (c *Connection) DeletePolicy(policyName string) error

DeletePolicy removes the policy with the given name from vault

func (*Connection) DeleteSecret

func (c *Connection) DeleteSecret(vaultPath string) error

DeleteSecret deletes a secret

func (*Connection) GetSecret

func (c *Connection) GetSecret(vaultPath string) (string, error)

GetSecret returns the stored secret as JSON.

func (*Connection) LinkPolicyToIdentity

func (c *Connection) LinkPolicyToIdentity(identity, policyName, boundedNamespace, serviceAccount, auth, ttl string) error

LinkPolicyToIdentity registers a policy for a given identity or role, meaning that when a person or service of that identity logs into Vault and tries to read or write a secret, the provided policy determines whether that is allowed.

func (*Connection) Mount

func (c *Connection) Mount(path string) error

Mount mounts a key-value secrets engine (kv version 1) at the given path to manage the storage of the secrets.

func (*Connection) RemovePolicyFromIdentity

func (c *Connection) RemovePolicyFromIdentity(identity, policyName, auth string) error

RemovePolicyFromIdentity removes the policy from the authentication identity with which it is associated, meaning that this policy is no longer applied when a person or service authenticates with this identity.

func (*Connection) WritePolicy

func (c *Connection) WritePolicy(policyName, policy string) error

WritePolicy stores the indicated policy in Vault. The policy can be associated with a Vault token or an authentication identity to ensure proper use of secrets. Example policy:

"path \"identities/test-identity\" {\n capabilities = [\"read\"]\n }"

NOTE the line returns and the tab. Without them it fails!

type Dummy

type Dummy struct {
	// contains filtered or unexported fields
}

Dummy is a dummy implementation of Interface for testing.

func NewDummyConnection

func NewDummyConnection() *Dummy

NewDummyConnection returns a new Dummy object

func (*Dummy) AddSecret

func (c *Dummy) AddSecret(path string, credentials map[string]interface{}) error

func (*Dummy) AddSecretFromStruct

func (c *Dummy) AddSecretFromStruct(path string, creds interface{}) error

func (*Dummy) DeletePolicy

func (c *Dummy) DeletePolicy(policyName string) error

func (*Dummy) DeleteSecret

func (c *Dummy) DeleteSecret(vaultPath string) error

func (*Dummy) GetSecret

func (c *Dummy) GetSecret(vaultPath string) (string, error)

func (*Dummy) LinkPolicyToIdentity

func (c *Dummy) LinkPolicyToIdentity(identity, policyName, boundedNamespace, serviceAccount, auth, ttl string) error

func (*Dummy) Mount

func (c *Dummy) Mount(path string) error

func (*Dummy) RemovePolicyFromIdentity

func (c *Dummy) RemovePolicyFromIdentity(identity, policyName, auth string) error

func (*Dummy) WritePolicy

func (c *Dummy) WritePolicy(policyName, policy string) error

type Interface

type Interface interface {
	LinkPolicyToIdentity(identity string, policyName string, boundedNamespace string, serviceAccount string, auth string, ttl string) error
	RemovePolicyFromIdentity(identity string, policyName string, auth string) error
	WritePolicy(policyName string, policy string) error
	DeletePolicy(policyName string) error
	Mount(path string) error
	DeleteSecret(vaultPath string) error
	GetSecret(vaultPath string) (string, error)
	AddSecret(path string, credentials map[string]interface{}) error
	AddSecretFromStruct(path string, creds interface{}) error
}

Interface provides vault functionality

func InitConnection

func InitConnection(addr, token string) (Interface, error)

InitConnection creates a new connection to Vault. Note that it assumes that the home path has been mounted during the Vault setup.
